CVE - CVE-2009-0733

CVE-ID
CVE-2009-0733	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20090320 [oCERT-2009-003] LittleCMS integer errors URL:http://www.securityfocus.com/archive/1/archive/1/502031/100/0/threaded BUGTRAQ:20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted) URL:http://www.securityfocus.com/archive/1/archive/1/502018/100/0/threaded MISC:http://scary.beasts.org/security/CESA-2009-003.html MISC:http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html MISC:http://www.ocert.org/advisories/ocert-2009-003.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=487512 DEBIAN:DSA-1745 URL:http://www.debian.org/security/2009/dsa-1745 DEBIAN:DSA-1769 URL:http://www.debian.org/security/2009/dsa-1769 FEDORA:FEDORA-2009-2903 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html FEDORA:FEDORA-2009-2910 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html FEDORA:FEDORA-2009-2928 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html FEDORA:FEDORA-2009-2970 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html FEDORA:FEDORA-2009-2982 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html FEDORA:FEDORA-2009-2983 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html FEDORA:FEDORA-2009-3034 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html GENTOO:GLSA-200904-19 URL:http://security.gentoo.org/glsa/glsa-200904-19.xml MANDRIVA:MDVSA-2009:121 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:121 MANDRIVA:MDVSA-2009:137 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:137 MANDRIVA:MDVSA-2009:162 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:162 REDHAT:RHSA-2009:0339 URL:http://www.redhat.com/support/errata/RHSA-2009-0339.html REDHAT:RHSA-2009:0377 URL:https://rhn.redhat.com/errata/RHSA-2009-0377.html SLACKWARE:SSA:2009-083-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438 SUSE:SUSE-SR:2009:007 URL:http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html UBUNTU:USN-744-1 URL:http://www.ubuntu.com/usn/USN-744-1 BID:34185 URL:http://www.securityfocus.com/bid/34185 OVAL:oval:org.mitre.oval:def:9742 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9742 SECTRACK:1021869 URL:http://www.securitytracker.com/id?1021869 SECUNIA:34367 URL:http://secunia.com/advisories/34367 SECUNIA:34382 URL:http://secunia.com/advisories/34382 SECUNIA:34400 URL:http://secunia.com/advisories/34400 SECUNIA:34418 URL:http://secunia.com/advisories/34418 SECUNIA:34442 URL:http://secunia.com/advisories/34442 SECUNIA:34450 URL:http://secunia.com/advisories/34450 SECUNIA:34454 URL:http://secunia.com/advisories/34454 SECUNIA:34463 URL:http://secunia.com/advisories/34463 SECUNIA:34408 URL:http://secunia.com/advisories/34408 SECUNIA:34675 URL:http://secunia.com/advisories/34675 SECUNIA:34632 URL:http://secunia.com/advisories/34632 SECUNIA:34782 URL:http://secunia.com/advisories/34782 VUPEN:ADV-2009-0775 URL:http://www.vupen.com/english/advisories/2009/0775 XF:littlecms-readsetofcurves-bo(49330) URL:http://xforce.iss.net/xforce/xfdb/49330
Date Entry Created
20090225	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090225)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use. For more information, please email cve@mitre.org.

CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks and CVE-Compatible is a trademark of The MITRE Corporation.

Site Map
Privacy policy
Terms of use
Contact us